From b2b1048beecfc34f7b03fced6d3fe7bd0016eb08 Mon Sep 17 00:00:00 2001
From: Dominique Fournier <dominique@fournier38.fr>
Date: Fri, 19 Sep 2014 07:28:02 +0000
Subject: [PATCH] authzgroups : add titles translation to definition of tables
 to be easily integrated

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@1832 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 authzgroups.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/authzgroups.php b/authzgroups.php
index 0b305af..4781e87 100644
--- a/authzgroups.php
+++ b/authzgroups.php
@@ -5,14 +5,6 @@
 
 require_once ("domframework/dblayer.php");
 
-// TODO : Create a function to get from database an array with object=>right for
-// a module/user. Store in $_SESSION if it exists. Return the RW right for an
-// object if more than one group provide the RW right. (Example : group1=>RO,
-// group2=>RW --> Result=>RW)
-// TODO : Create a function to get a right for an object. Look at the previous
-// function for the datas (and in $_SESSION if the datas are already saved).
-// Don't forget to parse all the tree !! If one node is not defined, NO ACCESS
-
 /** All the needed functions to authorize or deny access to an authenticated
     user by its groups membership */
 class authzgroups
@@ -91,7 +83,10 @@ class authzgroups
   public function allow ($module, $user, $object)
   {
     $ressource = $this->userrightsget ($module, $user);
-    // Limit to allowed trees : if a member of the path is not recorded (is 
+    // The complete tree should not be readable for the user : it can have
+    // access to a card, but not to all the cards (group -> reject,
+    // group/XXX->allow)
+    /*// Limit to allowed trees : if a member of the path is not recorded (is 
     // unreadable), return NO.
     // Can be the last entry (the complete object) too
     $path = explode ("/", $object);
@@ -107,7 +102,9 @@ class authzgroups
           echo "DEBUG allow : REJECT because $completePath is not found\n";
         return "NO";
       }
-    }
+    }*/
+    if (! isset ($ressource[$object]))
+      return "NO";
     return $ressource[$object];
   }
 
@@ -141,6 +138,10 @@ class authzgroups
       "comment"=>array ("varchar", "255"));
     $this->dbGroup->primary = "idgroup";
     $this->dbGroup->unique = array ("idgroup", array ("module","group"));
+    $this->dbGroup->titles = array ("idobject"=>_("idobject"),
+                                    "module"=>_("Module"),
+                                    "object"=>_("Object"),
+                                    "comment"=>_("Comment"));
 
     $this->dbGroupMember = new dblayer ($dsn, $username, $password,
                                         $driver_options);